The plugin has 500,000 + active installations. The plugin has an optional debug log where it writes all email messages including headers and body sent by the blog. The log is located inside the plugin`s installation folder “wp-content/plugins/easy-wp-smtp”/ “The plugin’s folder doesn’t have any index.html file, hence on servers that have directory listing enabled, hackers can find and view the log:” Said by Jerome Bruandet Credits: Ninja Technologies Network (NinTechNet) A password reset requires sending an email with the password reset link to the admin’s email account. The email is also recorded in the Debug log.